Windows Tip Sheet
Where The Profiles Roam
The woes of roaming profiles brought on by EFS.
On a recent client visit, I was asked to try and troubleshoot some odd
messages in the Application event log of some Windows XP computers. Here
are a couple of samples:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1513
User: NT AUTHORITY\SYSTEM
Description: Windows cannot copy your profile because it contains encrypted
files or directories. The keys to decrypt the files or directories are
also stored in the profile and are not available now. Please decrypt the
files and try again. For more information, see Help and Support Center
at .
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1504
Description: Windows cannot update your roaming profile. Possible causes
of this error include network problems or insufficient security rights.
If this problem persists, contact your network administrator. DETAIL -
The specified file is encrypted and the user does not have the ability
to decrypt it. For more information, see Help and Support Center at .
Seems pretty obvious -- something's wrong because the profiles contain
encrypted files. Sure enough, the users with the affected profiles used
Encrypting File System (EFS) to encrypt their profiles. My customer was
just trying to figure out how to get the keys into the right place to
make this work.
A perfect example of banging your head against a brick wall for naught:
Windows can't do EFS in roaming profiles. That's because, as the error
message says, the keys are in the profile, and Windows can't access the
keys until it copies the profile -- which it can't do until it gets the
keys -- which, oh I have a headache now.
You can achieve the same end effect, though. Instead, redirect the My
Documents folder to a network drive and encrypt the files there. The keys
will stay in the profile -- unencrypted -- and be accessible.
Additional Resources
Don Jones on HGTV
If you're a fan of Don Jones like we are over here at MCPmag.com,
don't miss Home & Garden TV's "Landscaper's Challenge" Episode
#906, featuring Don's home. In many areas, the episode will air on April
27th at 9:30 p.m., but be sure and check your local listings to get accurate
information for your area. (MCPmag.com hopes Don's home is just
as cool and efficient in the Las Vegas heat as his scripts and Windows
tips are helpful to you out there in admin-land.)
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.